package cn.edu.gzhu.workOrderManagement.intercepter;

import cn.edu.gzhu.workOrderManagement.constants.UserConstant;
import cn.edu.gzhu.workOrderManagement.mapper.UserMapper;
import cn.edu.gzhu.workOrderManagement.pojo.entity.User;
import cn.edu.gzhu.workOrderManagement.wrapper.CachedBodyHttpServletRequestWrapper;
import cn.hutool.json.JSONUtil;
import io.jsonwebtoken.Claims;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;
import java.util.List;

/**
 * 这是一个授权拦截器只拦截 /user/updateUser 路径的请求,位于拦截器链的第二位
 * @author chen xi
 */

@Component
@Slf4j
public class UpdateUserInterceptor implements HandlerInterceptor {
    @Autowired
    UserMapper userMapper;

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        log.info("拦截到用户更新请求");
        Claims claims =(Claims) request.getAttribute("claims");
        //从请求体中获取参数
        CachedBodyHttpServletRequestWrapper wrapper = new CachedBodyHttpServletRequestWrapper(request);
        String body = wrapper.getBody();
        User changedUser = JSONUtil.toBean(body, User.class);

        Integer changedAuthority = -1;
        if (request.getParameter("authority")!=null&& !request.getParameter("authority").isEmpty()) {
           changedAuthority = changedUser.getAuthority();
        }
        String targetUsername = changedUser.getUsername();
        String changedOrganization = changedUser.getOrganization();
        Boolean changedIsAvailable =changedUser.getIsAvailable();
        //目标用户名为空直接拒绝
        if (targetUsername==null||targetUsername.isEmpty()){
            response.setStatus(401);
            return false;
        }

        //普通用户访问策略
        if (((Integer)claims.get("authority")).equals(UserConstant.COMMON_USER)){
            //操作对象不是自己，拒绝访问
            if (!claims.get("username").equals(targetUsername)){
                response.setStatus(401);
                return false;
            }
            //拒绝操作权限等级
            if (changedAuthority!=-1){
                response.setStatus(401);
                return false;
            }
            //拒绝操作账户可用性
            if (changedIsAvailable!=null){
                response.setStatus(401);
                return false;
            }
            //拒绝操作归属组织
            if (changedOrganization!=null && !changedOrganization.isEmpty()){
                response.setStatus(401);
                return false;
            }
        }

        //组织负责人访问策略
        if (((Integer)claims.get("authority")).equals(UserConstant.SUPERINTENDENT)){
            List<User> users = userMapper.listByConditions(User.builder().username(targetUsername).build());
            User targetUser = users.get(0);
            //拒绝操作非本组织成员
            if(!claims.get("organization").equals(targetUser.getOrganization())){
                response.setStatus(401);
                return false;
            }
            //当操作目标权限大于或等于企业负责人时，拒绝
            if (targetUser.getAuthority()>=UserConstant.SUPERINTENDENT){
                response.setStatus(401);
                return false;
            }
            //拒绝操作权限等级
            if (changedAuthority!=-1){
                response.setStatus(401);
                return false;
            }
            //拒绝操作归属组织
            if (changedOrganization!=null && !changedOrganization.isEmpty()){
                response.setStatus(401);
                return false;
            }
        }
        //暂定管理员可任意操作

        log.info("放行");
        return true;
    }

}
